SCVMM

VMM has become more than just bunch of virtual machine management peace in the System Center roadmap. When it comes to virtualized datacenter management VMM has become center peace of that fabric management. In this article I’m going to explore various storage options VMM provides and how we can leverage them to store VM files. First things first we’ll look at the options we have when it comes to adding the storage into the VMM,

Now we have the capability of adding the storage on file servers. Why this becomes more important is due to the increase demand of storage request by the companies and the cost companies want maintain on IT expenditure. Purchasing SAN storage is no longer viable solution for every VM requested by companies. As a solution Microsoft provides the solution of SOFS (Scale Out File Server). With server 2012 R2 this has been more enhanced with Tired storage option as well. You can find more information about that technology in here. This SAN alternative solution has taken more attention by hardware providers as well. AFAIK several vendors has already started shipping out the hardware boxes of this solution. Dataon have such JBOD designed SOFS file server appliance.

As the above picture define we have given various options to add storage. In my demo I’ve already have setup file server and will go ahead adding that to the VMM console.

Please note you can have your file server in workgroup mode as well. In my scenario file server located inside the Active Directory environment. For the communication I’ll be using a account which have the necessary permissions.

Once the account selected and proceed VMM will scan and find the machine and the available storage capacity,

If you have combination of SSD, SAS & SATA disks in your file server you can do the classification. Classification will help you to identify where you want to keep your virtual machine VHD, VHDX file based on each VM’s IOPS requirement. In my demo I’ve already assigned two classifications,

Once you completed adding the storage to the VMM you can see the availability of the storage by going through Fabric –> Storage –> File Servers,

If you add more storage to the file server and want to expose to the VMM it’s matter of adding more shared storage from VMM console. For that in the VMM go to Fabric –> Storage—> File server —> (in the ribbon select) Create File Share,

Once you complete the task you’ll find the available storage under the VMM.

Now let’s look at the requirement of exposing these storage to HYPER-V cluster. For this we’ve to go to Fabric –> Servers –> Expand All Hosts –> Properties of the HYPER-V cluster,

Under the properties we’ll go to the section of File Share Storage,

Now we’ll go ahead and Add the storage which has been exposed to the VMM storage fabric,

That is one way of using storage to host VM’s for for reasonable price tag 🙂

SAN Storage

Ok now we’ll have a look how to add SAN storage. For this demo I’ve already setup simulated SAN storage in my Domain controller. Prior to adding the SAN storage to VMM you need to know if the storage supports Standards-Based Storage Management Service (SMI-S) More clarification about SMI-S can be read in here. With server 2012 R2 there has been new enhancement on SMI-S side. You can read them here. Now that been shared let’s get to the work 🙂

In the next page you’ll have to provide the SAN storage IP address or name and select the proper credentials,

In the “Select Storage Devices” section you can select the available raw space and tag with proper classification,

Once the task completed you can see the SAN storage under the Arrays section. Now we’ve added the storage we’ll go ahead and create a LUN from the VMM console itself 🙂

Once the task is completed you’ll be able to see the LUN created under the Classification and Pools section,

Now we’ll go ahead and make this storage available for the host groups, for that highlight the LUN we created and in the ribbon select the option of “Allocate Capacity”

Now select the option of “Allocate Storage Pools” and add the available storage,

Now we need to add the “LUN”

Once the task completed you’ll be able to see the added storage for the host group,

Now we can go ahead and add the storage to the HYPER-V host computer. Go to Fabric –>expand Servers –> Expand All Hosts –> Select Clsuter1, Now right click Hyper-v host computer and go to properties and then select Storage,

Click “Add” and you’ll find “Add iSCSI Array” option is available,

Under the Array drop down menu select the provider and then select create,

In a HYPER-V cluster you can repeat those task on every node. Once that task complete you can go to the properties of the HYPER-V cluster and add the storage from cluster properties,

Once the adding the LUN completed you can see the volume in the Cluster Shared Volumes section,

Hi Everyone this time I would like to bring you’ll attention to one of our fellow Virtual Machine MVP (Edvaldo Alessandro Cardoso) who has done great contribution by releasing a book related to SCVMM 2012 SP1. You can get the book from here.

Greetings for everyone for the New Year. This is a great year for Microsoft System Center product family. As for the Virtualization point of view this would be a significant year around VM management. I do believe lot of customers will move ahead and adopt the hybrid HYPER VISOR solution.

SCVMM 2012 has a big role play this year. During my lab setup I’ve captured very high level how you can setup the SCVMM 2012. Click the VMM 2012 logo to access the video.

Apart from that I found below mention urls are really valuable through your journey of learning SCVMM 2012.

I was testing SCVMM with few host machines located in Domain environment and also in workgroup environment. After applying latest updates to the SCVMM I found out the host computers in the workgroup environment giving an error saying unable to update the SCVMM agent installed in those servers. Exact error is as follows,

“Error (10436) Virtual Machine Manager does not support updating an agent on a host that is in a non-trusted domain or on a perimeter network

Recommended Action If the host is in a non-trusted domain, remove Xxxxhost01 from VMM in Hosts view of the VMM Administrator Console. Then use the Add Hosts Wizard to add the host and automatically install a new agent. If the host is on a perimeter network, after you remove the host from VMM, you must manually uninstall the VMM agent from the host computer, install a new agent locally on the host, and then add the host to VMM.”

According to the recommended action when tried to remove the Remote agent from the host computer and removing from the SCVMM console didn’t work.

Found the the main problem is due to the SCVMM agent latest version is not exist in the CD but in the SCVMM machine itself. Located the path to the Remote agent path in CVMM console,

Took a copy of the amd64 folder to the host computer in the perimeter network and apply the agent. During this update process I didn’t remove the host computer from the SCVMM and found out it work without any problems. Didn’t had to reapply the security file either

If you’ve been setup the SSP 2.0 for the first time and try to open the web site you might come up with the above mention error message on the web site. This is something I came across during my testing on SSP 2.0 setup.

Initially my concern has been the SQL setup, I’ve used SQL 2008 setup on Windows 2008 R2 Ent SP1 machine where are not supported! At least I need to setup the SP2 for the SQL. Never the less after applying the SQL SP2 I found out it is not the case.

According to the SSP documentation you’ll have to create service accounts as follows,

Account Name

Requested during

Used for

Prerequisites

High Security

Service Account

VMMSSP server component setup

Running the Windows Service implementation of the VMMSSP server component, the Virtual Machine Manager Self-Service Portal 2.0 service, and underlying services and processes. The server component also uses this account for external communication, such as:

· Communicating with the VMM server and performing tasks that require interacting with the VMM server.

· Communicating with the VMMSSP database.

Make sure this is an Active Directory domain account.

Before you install the VMMSSP server component, make sure this account has administrative permissions on the VMM Administrator Console.

You must also make sure that this account is granted Local Administrator permissions on the computer where you plan to install the server component.

Use a low-privilege domain account

Application Pool Identity

VMMSSP website component setup

Running the application pool used for the VMMSSP website component. The VMMSSP website component also uses this account for external communication, such as:

· Communicating with the VMMSSP server and database components.

· Running tasks that require interacting with the other self-service portal components.

This account can be a domain account.

Use a low-privilege domain account.

Taken from official documentation on SSP 2.0

For both service account and the application pool identity I’ve used the same account. It seems like with Application Pool Identity has not accepted the created service account with the lease privilege given to it. Even after adding the service account to the local Administrator group of the SSP setup server problem still exist. Bit of web search and TechNet forums found out the issue related to the Application Pool Identity service is not having enough permission with the service account. To narrow the issue I’ve assigned the Domain Administrator account for the VMSSP Application Pool,

After that recycle the Application pool and tried to access the SSP site and what do you know it solve the problem!

But the actual question remains why it didn’t work with the least privilege which needs further investigation.

One of my colleague brought a question for me which was interesting to consider and do some solution lookup. His requirement is to assign virtual pc’s to selected users and and only allow them to see the necessary virtual pc’s assigned to them. Of course this seems to be an easy task under the SCVMM but things didn’t went as smooth as I try to explain him when it comes to practical world 🙂

Below is the steps we carried out first,

1. Assign a user account certain rights under the SCVMM – Under this I have taken one domain user account and then assign the particular user with the relevant permissions.

Select the actions user can carry out in the VPC. In this scenario I have kept him all the action which is possible under SCVMM console.

2. In order to make this VPC visible in his Self User Portal I had to give ownership of this VPC to relevant user,

Once that part is completed, our selected user can see the relevant VPC under his SCVMM.

All are fine when we ran into next issue. What is this user is absent and we need to do some maintenance or overlook this VPC for a troubleshooting purpose? VPC ownership can be given for only one user at a time so another use won’t see this VPC under his Self Service Portal. Finally we managed to solve the problem by assigning the ownership of the VPC’s to a GROUP instead of user accounts. Funny this remind me the fundamentals of the Windows ACL. (Accounts into Groups and then provide Permission to that)

Same theory we managed to apply over here as follows,

First create a relevant service level groups in the Active Directory database, and then add the relevant user.

Move to SCVMM server and under the Administration section add the Group and provide the same permission provided as above for a single user,

next under the Virtual Machines section select each VPC and select the group we created as the owner.

Once that completed and log in using one of the user account in that group we’ll be able to see the virtual Pc’s assigned to particular Group,

In a scenario when the relevant users does not exist Administrator still have the privilege of logging in and do the necessary modifications to VPC’s. Even though it would be ideal if we can have the option of assigning permission for each VPC and still allow other users to access the same VPC though User Portal.